Smartcards and tokens

Lou Wynn lewisurn at gmail.com
Fri Dec 16 19:33:48 CET 2016


On 12/15/2016 04:18 PM, Andrew Gallagher wrote:
>> On 15 Dec 2016, at 19:24, Lou Wynn <lewisurn at gmail.com> wrote:
>>
>> If the host machine is compromised, what's the purpose of doing encryption on the SmartCard? Attackers don't need to know the key to get your plaint ext, because it is on the host machine.
> The difference is that if you use a smart card in a compromised host, the plaintext of particular messages may be compromised but the key itself remains secure. It also helps in the case of hardware loss or theft, because an encrypted drive can be brute forced, but smartcards have retry limits that can't be worked around short of dissecting the silicon. 
I agree that a SmartCard can protect a private key, but that's a
marginal benefit because the bottom line of using a SmartCard is the
same as that of using an encrypted USB drive, which is

Do not use it in an untrusted or compromised host environment.

If you stick to the bottom line, then there is no point to emphasize the
difference.

The difference only comes in when you violate the bottom line and want
to use it in an untrusted or compromised host and "wish" that you could
get security. In this case, SmartCard can prevent your key from being
read. However, I would suggest anyone who uses a SmartCard not to do it
at all because using it in such an environment cannot give you security:
either signature or encryption.

I'd like to say more about "brute force" since you seem to misunderstand
the basic threat model of modern cryptography, whose design goal is only
to allow brute force attacks. However, it's computationally infeasible
in practice to guess the correct key by using brute force. A successful
cryptographic design is one where there is no systematic way to break it
unless an opponent can enumerate over the key space. SmartCard is no
immune to this. A brute force attack doesn't need to read the card, and
it simply enumerates keys in the key space used by the SmartCard. What
you said--limiting the number of reads on the card--is not a measure
against brute force. It is a measure to prevent reading secret materials.

-- 
Thanks,
Lou





More information about the Gnupg-users mailing list